Vulnerability CVE-2017-14798


Published: 2018-03-01

Description:
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

See advisories in our WLB2 database:
Topic: PostgreSQL 9.4-0.5.3 Privilege Escalation (Med.)
Author: Johannes Segitz
Date: 14.08.2018

Type: CWE-362

Vendor: Postgresql
Product: Postgresql 
Version:
9.4
9.3.9
9.3.8
9.3.7
9.3.6
9.3.5
9.3.4
9.3.3
9.3.22
9.3.21
9.3.20
9.3.2
9.3.19
9.3.18
9.3.17
9.3.16
9.3.15
9.3.14
9.3.13
9.3.12
9.3.11
9.3.10
9.3.1
9.3.0
9.3
9.2.7
9.2.6
9.2.5
9.2.4
9.2.3
9.2.24
9.2.23
9.2.22
9.2.21
9.2.20
9.2.2
9.2.19
9.2.18
9.2.17
9.2.16
9.2.15
9.2.14
9.2.1
9.2
9.1.9
9.1.8
9.1.7
9.1.6
9.1.5
9.1.4
9.1.3
9.1.24
9.1.23
9.1.22
9.1.21
9.1.20
9.1.2
9.1.19
9.1.12
9.1.11
9.1.10
9.1.1
9.1
9.0.9
9.0.8
9.0.7
9.0.6
9.0.5
9.0.4
9.0.3
9.0.23
9.0.21
9.0.20
9.0.2
9.0.18
9.0.17
9.0.16
9.0.15
9.0.14
9.0.13
9.0.12
9.0.11
9.0.10
9.0.1
9.0
8.4.9
8.4.8
8.4.7
8.4.6
8.4.5
8.4.4
8.4.3
8.4.22
8.4.21
8.4.20
8.4.2
8.4.19
8.4.18
8.4.17
8.4.16
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html
https://bugzilla.suse.com/show_bug.cgi?id=1062722
https://www.exploit-db.com/exploits/45184/
https://www.suse.com/de-de/security/cve/CVE-2017-14798/

Related CVE
CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histog...
CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table s...
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su...
CVE-2019-9193
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...
CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle atta...
CVE-2016-7048
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could...

Copyright 2019, cxsecurity.com

 
